False alarm from bots

I’m on call this week, and whenever there’s alert, it comes to my mobile. I’ve had Error rate > 5% alert from PagerDuty the other day. I’ve acknowledged the alert, (otherwise it keeps sending me the alerts) and investigated it.

A public action method ‘Login’ was not found on controller ‘xxxxWeb.Controllers.HomeController’

It was interesting. The action method definitely exists there, but we had 5 errors instantly. After investigation and some googling, it turned out that excel spreadsheet and some crawling bot were hitting the endpoint with HEAD and OPTIONS verb.

Why? I don’t know, but the fix was simple. Currently, Login was constrained to GET. Simply take off the constraint and the page will serve HEAD and OPTIONS very well.

It’s fun to be a on-call engineer. You can see loads of things you haven’t expected to see, in real world, on production server.